| Summary: | dovecot new security issues CVE-2020-1095[78] and CVE-2020-10967 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | dovecot-2.3.7.2-1.1.mga7.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2020-05-19 19:20:37 CEST
Advisory
========

Dovecot has been updated to fix several security issues.

CVE-2020-10957: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service.

CVE-2020-10958: Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service.

CVE-2020-10967: Sending mail with empty quoted localpart causes submission or lmtp component to crash.

References
==========
https://www.openwall.com/lists/oss-security/2020/05/18/1
https://nvd.nist.gov/vuln/detail/CVE-2020-10957
https://nvd.nist.gov/vuln/detail/CVE-2020-10958
https://nvd.nist.gov/vuln/detail/CVE-2020-10967

Files
=====

Uploaded to core/updates_testing

dovecot-pigeonhole-2.3.10.1-1.mga7
dovecot-devel-2.3.10.1-1.mga7
dovecot-pigeonhole-devel-2.3.10.1-1.mga7
dovecot-plugins-ldap-2.3.10.1-1.mga7
dovecot-plugins-pgsql-2.3.10.1-1.mga7
dovecot-plugins-mysql-2.3.10.1-1.mga7
dovecot-plugins-sqlite-2.3.10.1-1.mga7
dovecot-plugins-gssapi-2.3.10.1-1.mga7
dovecot-2.3.10.1.mga7

from dovecot-2.3.10.1-1.mga7.src.rpm

Assignee: smelror => qa-bugs

Installed and tested without issues.
Tested with various accounts with several GiB of emails. Tested with kmail, roundcubemail and k9 clients.
System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.
$ uname -a
Linux marte 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep dovecot
dovecot-2.3.10.1-1.mga7
dovecot-pigeonhole-2.3.10.1-1.mga7
$ systemctl status dovecot.service dovecot.socket
dovecot.service dovecot.socket
$ systemctl status dovecot.service dovecot.socket
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2020-05-19 21:02:02 WEST; 16min ago
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Main PID: 15041 (dovecot)
Tasks: 5 (limit: 4697)
Memory: 12.5M
CGroup: /system.slice/dovecot.service
├─15041 /usr/sbin/dovecot -F
├─15044 dovecot/anvil
├─15045 dovecot/log
├─15047 dovecot/config
└─15049 dovecot/stats
mai 19 21:17:44 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15982, secured, session=<nXbh+AWmOKH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:44 marte dovecot[15045]: imap(pclx)<15982><nXbh+AWmOKH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=44 out=1407 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mai 19 21:17:44 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15988, secured, session=<0Qbq+AWmOqH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:44 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15990, secured, session=<z0Pq+AWmPKH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:44 marte dovecot[15045]: imap(pclx)<15988><0Qbq+AWmOqH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=1073 out=3389 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mai 19 21:17:44 marte dovecot[15045]: imap(pclx)<15990><z0Pq+AWmPKH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=303 out=2829 deleted=0 expunged=0 trashed=0 hdr_count=3 hdr_bytes=992 body_count=0 body_bytes=0
mai 19 21:17:46 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15999, secured, session=<GiIL+QWmQKH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:46 marte dovecot[15045]: imap(pclx)<15999><GiIL+QWmQKH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=323 out=23224 deleted=0 expunged=0 trashed=0 hdr_count=38 hdr_bytes=13386 body_count=0 body_bytes=0
mai 19 21:18:31 marte dovecot[15045]: imap(pclx)<15166><mzhBzQWmRJ/9AAAAAAEAAQAAAAAAAAAB>: Logged out in=151674 out=221896 deleted=0 expunged=2 trashed=0 hdr_count=2 hdr_bytes=5121 body_count=25 body_bytes=20>
mai 19 21:18:31 marte dovecot[15045]: imap(pclx)<15052><OIzJwAWmOp/9AAAAAAEAAQAAAAAAAAAB>: Logged out in=161 out=19294 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
● dovecot.socket - Dovecot IMAP/POP3 email server activation socket
Loaded: loaded (/usr/local/lib/systemd/system/dovecot.socket; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-05-19 10:32:30 WEST; 10h ago
Listen: 10.0.0.1:143 (Stream)
10.0.0.1:993 (Stream)
[fd00:0:1:1::1]:143 (Stream)
[fd00:0:1:1::1]:993 (Stream)
Tasks: 0 (limit: 4697)
Memory: 196.0K
CGroup: /system.slice/dovecot.socket
mai 19 10:32:30 marte systemd[1]: Listening on Dovecot IMAP/POP3 email server activation socket.

CC: (none) => mageia

Validating. Advisory in Comment 1.

CC: (none) => andrewsfarm, sysadmin-bugs

Ubuntu has issued an advisory for this on May 18:
https://usn.ubuntu.com/4361-1/
Thomas Backlund
2020-05-24 16:11:05 CEST
CC: (none) => tmb

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0222.html

Status: NEW => RESOLVED
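
A check an administrator could run after this update, as an added example that is not part of the bug report: it compares installed dovecot packages against the fixed version-release 2.3.10.1-1.mga7 listed under Files. The function names and the use of GNU `sort -V` in place of RPM's own version comparison are assumptions of this example.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's Files section.
FIXED="2.3.10.1-1.mga7"

# ver_lt A B: true when A orders strictly before B. GNU `sort -V` is used as
# an approximation of RPM's comparison (assumption; fine for these versions).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_dovecot: reads name-version-release lines (the `rpm -qa` format shown
# in the test report) on stdin, prints a status per dovecot package, and
# returns 1 if any of them is older than FIXED.
check_dovecot() {
    rc=0
    while IFS= read -r pkg; do
        case "$pkg" in dovecot-*) ;; *) continue ;; esac
        rel=${pkg##*-}     # release, e.g. 1.mga7
        rest=${pkg%-*}
        ver=${rest##*-}    # version, e.g. 2.3.10.1
        name=${rest%-*}    # package name, may itself contain dashes
        if ver_lt "$ver-$rel" "$FIXED"; then
            echo "NEEDS-UPDATE $name $ver-$rel (fixed in $FIXED)"
            rc=1
        else
            echo "OK $name $ver-$rel"
        fi
    done
    return "$rc"
}

# Constructed sample: the pre-update build named in the bug's Source RPM field
# next to an updated subpackage. On a live system: rpm -qa | check_dovecot
printf '%s\n' "dovecot-2.3.7.2-1.1.mga7" "dovecot-pigeonhole-2.3.10.1-1.mga7" |
    check_dovecot || echo "dovecot update still pending"
```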